Home
Log inSign up (free)
TechByteLab - Where Tech Gets Its Groove On!
Where Tech Gets Its Groove On!
Search the site with:

Generate TLS / SSL X509 Certificate (Self-Signed Or CA-Signed) Using New Or Existing Private Key And CSR

This tool allows you to generate an X509 certificate using a new or existing private key and CSR (certificate signing request).
You can sign the CSR using an existing CA certificate that you have (creating a CA-signed certificate), or you can create a self-signed certificate.

Note: Your input will be uploaded to the server for processing; but no part of it or any generated data is stored on the server for any duration.
As a general tip, do not use a self-signed certificate in production environment; it is okay for testing purpose in local development setups.

Create Private Key

This section allows you to create your private key. A private key is needed for all the operations.

If you already have your private key, paste it in the field "Private key PEM" (along with the passphrase in the field "Passphrase" if it's encrypted; the field "Cipher" is ignored in this case), and go to the next section ("Create CSR") below.

Private key type:
Select the curve (for EC / ECC key type only):
Select the bit-length (for RSA key type only):
Private key PEM (will be generated below, or paste here if you have it):
using the Cipher

Create CSR (Certificate Signing Request)

This section allows you to create your CSR (certificate signing request). A certificate is obtained by signing the CSR.

If you already have your CSR, paste it in the field "CSR PEM" (along with filling all other fields except "Distinguished names..." and "Digest algorithm..."; they'll be used for the certificate), and go to the next section ("Create Certificate") below.

Encoding to use:
Distinguished names to add to the CSR (the field "Common name" is required; others are optional):
Common name - this is the domain name for an SSL server certificate (one per line; currently, we only support a single value):
Country - 2-letter ISO country code (one per line; currently, we only support a single value):
State or province name (one per line; currently, we only support a single value):
City or locality (one per line; currently, we only support a single value):
Organization (company) name (one per line; currently, we only support a single value):
Organizational unit (department):
Contact email address:
Job title:
Last name:
First name:
Initials:
Alias or pseudonym:
Suffix:
Domain component (one per line; currently, we only support a single value):
Certificate serial number (optional):
DN qualifier string:
SAN (Subject Alternative Name) to add to the CSR or certificate (all the fields are optional):
DNS (one per line):
Email address (one per line):
IP address (one per line):
Other name (one per line):
RID (one per line):
URI (one per line):
Key usage (for CSR or certificate):
Extended key usage: (for CSR or certificate)
Digest algorithm for the CSR:
CSR PEM (will be generated below, or paste here if you have it):

Create Certificate

This section allows you to create your certificate. A certificate is obtained by signing a CSR. It can be signed by another certificate (a CA certificate), or it can be self-signed.

If you have a CA certificate (with which to sign the new certificate), paste it in the field "CA certificate PEM". In this case, you need to paste the private key corresponding to this CA certificate in the field "Private key PEM" in the first section "Create Private Key" above.

Otherwise (i.e., if you want a self-signed certificate), leave the field "CA certificate PEM" blank. In this case, you need to paste the private key corresponding to the CSR in the field "Private key PEM" in the first section "Create Private Key" above.

CA certificate PEM (to sign the new certificate; paste here if you have it, or leave blank for a self-signed certificate):
Tip: A CA certificate can be used to sign other certificates (including sub-CA certificates, creating a chain).
Tip: If this is 0, the CA cannot sign any sub-CA (and can only sign end-entity certificates).
Policies to add to the CA certificate:
commonName:
countryName:
stateOrProvinceName:
localityName:
organizationName:
organizationalUnitName:
emailAddress:
title:
surname:
givenName:
initials:
pseudonym:
generationQualifier:
domainComponent:
serialNumber:
dnQualifier:
Certificate validity (days):
:
Certificate PEM (will be generated below):